Target Got Warnings About Hack—and Ignored Them

It even turned off program to delete malware, says Businessweek

(Newser)
–
If only Target had top-notch security software in place to prevent last year's disastrous hack. Oh wait, it did. In fact, a report by Businessweek/Bloomberg says the software was essentially screaming that something was amiss well in advance of any actual theft of customers' credit card data. Target had plenty of time to react—but did nothing. The $1.6 million software program from security firm FireEye detected the installation of malware on Nov. 30 and multiple times afterward, before hackers started stealing data, but the urgent alerts went unheeded.

Why didn't the software kill the malware on its own?

"The system has an option to automatically delete malware as it's detected. But according to two people who audited FireEye's performance after the breach, Target's security team turned that function off," says the story, which follows a two-month investigation. "It's possible that FireEye was still viewed with some skepticism by its minders at the time of the hack ..."

The story points to "inaction on the part of Target and a clear effort by FireEye to shore up its reputation," writes blogger John Biggs at TechCrunch. "If Target couldn’t be bothered to delete the malware, this piece suggests it’s not FireEye’s fault." Click for the full story, which, as Mashable points out, speculates that the mastermind of the Target hack might be a 22-year-old Ukrainian.

Community

Site Maps

Get Newser

What is Newser?

Face it: there's too much news. At Newser, we choose the most thought-provoking and entertaining stories from hundreds of US and international sources and reduce them to a headline, picture, and two paragraphs. And we do it 24/7—you can come back morning, noon, night (and in between) for something new that matters. Read less, know more.